We can see the malware has sent some information related to the current running processes of my system !! But note we have also sent the size of each process ! This information can be used by future malware versions, maybe to create some evading-code or to detect certain processes “not much loved” by the malware.

As we can see from the image below, this driver is auto-loaded when the Operating System boots in Safe Mode:

During the analysis, were not detected SSDT/Shadow SSDT Hooks, no Stealth Code, I get BSOD when trying to open certain Anti-Rootkit software, the file Winkk44_sys is protected from changing/modification/deletion and also the registry keys are protected from changing/modification/deletion.